<!--#include file="lib/utf-8.asp"-->
<!--#include file="lib/connopen.asp"-->
<!--#include file="lib/asp-common-lib.asp"-->
<!--#include file="lib/asp-json-lib.asp"-->
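<%
' Login / logout endpoint: reads "action", "username" and "password" from the
' request, answers with a JSON object (bStatus, optionally sInfo and
' bChangePws) and, on a successful login, fills the session with the user's
' identity and per-post permission flags.
'
' saferequest, jsObject, CheckLan, CheckPassword and conn come from the
' included lib files; what they do internally is not visible from this page.
Response.ContentType = "application/json"
action=saferequest("action",0)
username=saferequest("username",0)
password=saferequest("password",0)
dim json,i
set json=jsObject()
if action="登录" then
	' The credentials are bound as parameters instead of being concatenated into
	' the SQL text, so a quote in either value cannot change the query whatever
	' filtering saferequest applies.
	' NOTE(review): the password is compared directly with the [password] column,
	' which suggests it is stored unhashed - confirm, and move to a salted hash.
	set cmdLogin=server.createobject("adodb.command")
	' conn is accepted either as an open Connection object or a connection string,
	' as rs.open did in the previous version.
	if isobject(conn) then
		set cmdLogin.ActiveConnection=conn
	else
		cmdLogin.ActiveConnection=conn
	end if
	cmdLogin.CommandType=1 ' adCmdText
	cmdLogin.CommandText="select * from username left join flag on username.id=flag.username where username.username=? and [password]=? and active=true"
	' & "" coerces to a string the same way the old concatenation did.
	sLoginUser=username & ""
	sLoginPass=password & ""
	' A variable-length parameter needs a size of at least 1, even for an empty value.
	nLoginUserLen=len(sLoginUser)
	if nLoginUserLen<1 then nLoginUserLen=1
	nLoginPassLen=len(sLoginPass)
	if nLoginPassLen<1 then nLoginPassLen=1
	' 202 = adVarWChar, 1 = adParamInput; parameters are matched by position.
	cmdLogin.Parameters.Append cmdLogin.CreateParameter("@username",202,1,nLoginUserLen,sLoginUser)
	cmdLogin.Parameters.Append cmdLogin.CreateParameter("@password",202,1,nLoginPassLen,sLoginPass)
	set rs=server.createobject("adodb.recordset")
	' Same cursor and lock type as before (1,1); the connection argument is
	' omitted because the Command object already carries it.
	rs.open cmdLogin,,1,1
	if not rs.eof then
		json("bStatus")=true
		' NOTE(review): the session that existed before login is reused as is;
		' no new session identifier is issued at this point.
		session("sSystem")="ccoffice"
		session("bLogin")=true
		session("iId")=rs("id")
		session("sUserName")=rs("username.username")
		session("sFullName")=rs("fullname")
		session("bWan")=rs("wan")
		session("aFields")=array("post","flag")
		' The session holds an array. Elements of an array stored in the session
		' cannot be changed in place; the only way to modify it is to assign a
		' whole ordinary array back to the session, hence the local copy.
		dim aaPostFlag
		aaPostFlag=array()
		' Copy the post and flag columns of the remaining rows of the joined result.
		aaPostFlag=rs.getrows(,,session("aFields"))
		session("aaPostFlag")=aaPostFlag
		session.TimeOut=60
		' Cache the id/post list in the session.
		set rs_post=server.createobject("adodb.recordset")
		sql_post="select id,post from post order by id"
		rs_post.open sql_post,conn,1,1
		session("aaPostName")=rs_post.getrows()
		rs_post.close
		set rs_post=nothing
		' If the request did not arrive on the intranet NIC address, the user is an
		' external (WAN) user; users dialling in over VPN also arrive on the
		' intranet address.
		if not CheckLan() then
			' External access is allowed only for accounts with the wan flag.
			' A disabled earlier variant kept such users logged in but capped every
			' permission of 2 or higher at 2 (query/view), except for "admin".
			' NOTE(review): bStatus stays true in the response even though the
			' session is abandoned here - confirm the client handles that.
			if not session("bWan") then
				session.abandon
			end if
		end if
		' A password that fails CheckPassword clears the permission flags and
		' tells the client to force a password change.
		if not CheckPassword(password) then
			session("aaPostFlag")=""
			json("bChangePws")=true
			json("sInfo")="密码过于简单，请立即修改密码"
		end if
	else
		' Same message whether the user name or the password was wrong.
		' NOTE(review): failed attempts are neither logged nor rate limited here.
		json("bStatus")=false
		json("sInfo")="登入错误"
	end if
	rs.close
	set rs=nothing
	set cmdLogin=nothing
elseif action="退出" then
	' Logout: drop the whole session.
	session.abandon
	json("bStatus")=true
end if
json.Flush
%>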
<!--#include file="lib/connclose.asp"-->

